An inspired writer and content manager who has been with SensorsTechForum for 4 years. Enjoys ‘Mr. Robot’ and fears ‘1984’. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles!


In terms of mobile malware, Android has been a primary target, attacked by various types of malicious software. From adware, to Trojans and ransomware, Android users should be extra cautious and should think about the protection of their devices, especially when new devastating threats emerge.

One quite dangerous Android threat that users should be aware of is the Acecard Trojan. First detected in 2014, Acecard is a perfect example of how malware, mobile malware included, evolves and becomes disastrous to its victims. When it was first ‘released’, Acecard was a simple piece of malicious code – a sniffer aiming at the collection of personal information. Collected data was then sent to the command and control server.

Back then, malware researchers weren’t particularly interested in Acecard, regarded as just another Android Trojan with nothing special to offer. However, the current state of Acecard proves that its developers not only didn’t give up but they also continued to improve its capabilities. As a result of their continuous efforts, Acecard is now a very effective phishing tool. So effective that in terms of what it can do, Acecard can easily be compared with its desktop brothers.

A look into Acecard attacks

Acecard’s first attacks were registered in May 2015, when the Trojan targeted Australian banks. This is when the research team from Kaspersky Lab began observing the threat closely, analyzing its behavior. Back then, attacks on Australian banks were unusually high in number and frequency, and Kaspersky found out that a single banking Trojan was responsible: Acecard.

The Trojan is capable of performing almost any malware functionality currently available on the malware market. Acecard can steal a bank’s text and voice messages, and it can simulate the official login page of the bank to try to steal users’ PII and account credentials. Acecard’s most recent version can also attack about 30 banks’ client applications and payment systems. Unfortunately, Trojans such as Acecard can overlay any app upon command, which means that the number of targets may be even bigger than 30.

The Kaspersky Lab team registered more than 6,000 attacks taking place between May and September 2015 and targeting German, Russian and Australian users. However, other banks were also compromised – French, Spanish, American, British, and Austrian.

Not surprisingly, all these statistics add up to the biggest compilation of phishing interstitials in Android registered to this date.

According to security researchers, Acecard can successfully imitate 32 banking systems, PayPal included, plus the Google Play and Google Music payment screens. To make things even worse, we should add the imitation of 17 Russian banks’ payment systems and their SMS-based verifications.

The Trojan does not only affect multiple banks. Its range of capabilities incorporates social networks (Twitter, Facebook, Instagram), services such as Gmail Android, and instant messengers such as Skype, Viber and WhatsApp. Acecard attacks involving any of these services harvest login credentials, which are then transferred to the criminal command and control server.

A look into Acecard’s distribution methods

The primary distribution channel is, not surprisingly, spam. Spam emails trick users into visiting third-party app stores where the Trojan is most likely hiding. Acecard can also present itself as a version of Adobe Flash for Android, or as an Android porn app identified as PornoVideo.

Keep in mind: Android users should remember that Adobe put an end to the development of Android Flash in 2012. Any attempts prompting them to install Flash on their Android devices should serve as an indication of malicious intentions.
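A triage check based on the distribution details above, as an added example that is not part of the original article: it flags third-party packages that were not installed by Google Play, that carry "flash" in their name, or that can read SMS. The sample `adb shell pm list packages -3 -i` output, the package names and the permission map are constructed for illustration.

```python
import re

# Constructed sample of `adb shell pm list packages -3 -i` output (third-party
# packages with their installer). All package names are made up.
SAMPLE_PM_LIST = """\
package:com.example.messenger  installer=com.android.vending
package:com.example.flashplayer.update  installer=null
package:org.example.notes  installer=com.thirdparty.store
package:com.example.bank  installer=com.android.vending
"""

# Constructed map of package -> requested permissions, as one would collect
# them from `adb shell dumpsys package <name>`.
SAMPLE_PERMS = {
    "com.example.flashplayer.update": {"android.permission.RECEIVE_SMS",
                                       "android.permission.INTERNET"},
    "org.example.notes": {"android.permission.INTERNET"},
}

TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play
SMS_PERMS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}
LINE_RE = re.compile(r"^package:(\S+)\s+installer=(\S+)$")


def triage(pm_list, perms):
    """Return {package: [reasons]} for packages that deserve a manual look."""
    findings = {}
    for line in pm_list.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank or unexpected lines
        pkg, installer = m.groups()
        reasons = []
        if installer not in TRUSTED_INSTALLERS:
            reasons.append("sideloaded (installer=%s)" % installer)
        # Flash for Android ended in 2012, so any such name is suspect.
        # Heuristic: matches the package name only, not the displayed label.
        if "flash" in pkg.lower():
            reasons.append("claims to be Flash")
        if perms.get(pkg, set()) & SMS_PERMS:
            reasons.append("can read incoming SMS")
        # SMS access alone is common, so report it only next to another reason.
        if reasons and reasons != ["can read incoming SMS"]:
            findings[pkg] = reasons
    return findings


if __name__ == "__main__":
    for pkg, reasons in triage(SAMPLE_PM_LIST, SAMPLE_PERMS).items():
        print(pkg, "->", "; ".join(reasons))
```

A flagged package is a lead for manual review, not proof of infection; many legitimate apps are sideloaded or request SMS access.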

What to do, if your Android device was compromised by malware

The very first thing to remember is that antivirus protection is crucial to both your PC and your mobile device. In 2015, mobile malware was a huge problem to IT security, and as it turns out, things won’t be much different in 2016.

If your Android device has fallen victim to a mobile Trojan or ransomware, refer to the steps below. Also, make sure to leave a comment in the topic about Acecard in our security forums.

1. Back up the data on your device

Back up the data on your phone

CAUTION! Before attempting any removals and drive formatting on your device, you should know that it is essential to save all your important contacts and files from your phone. There are several methods to back up your files:

Method I: Using online backup software or a memory card if the device supports it.

Method II: Connecting to another device and copying the data directly.

This is a somewhat risky option since the device may have malware on it. This is why you first need to enter the device’s Safe Mode:

For RAZR Droid Devices:

1. Switch off the smartphone and remove the battery for a few seconds then plug it back in.

2. Switch the phone on.

3. You should see a Motorola Dual Core screen appearing. You should press and hold the Volume up, and Volume Down keys on the side of the smartphone. Hold them until the lock screen shows up with ‘Safe Mode’ written in the lower corner.

For HTC Devices:

1. Switch off the smartphone and remove the battery for a few seconds then plug it back in.

2. Turn on your phone while simultaneously holding down the Menu Button. When it starts, keep pressing the Menu Button until you see ‘Safe Mode’ menu appearing in the lower corner.

For Nexus devices:

1. Switch off the smartphone and remove the battery for a few seconds then plug it back in.

2. Turn on the phone.

3. When the welcome Logo Screen shows up, hold the trackball while pressing it until a lock screen shows up, or you see ‘Safe Mode’ written in the bottom corner.

For Other Motorola Devices:

1. Switch off the smartphone and remove the battery for a few seconds then plug it back in.

2. Hold down the Menu Button after you press it while turning on the phone. When it boots, hold the button down upon seeing the lock screen or feeling the phone vibrate.

For Moto G Devices:

1. Press the Power Button and hold it until the list of options pops up.

2. Hold the Power off button and wait for a ‘Reboot to Safe Mode’ option to appear.

3. Tap it and let the phone reset.

For Samsung Galaxy Devices:

1. While the device is on, hold down the Power Button and wait for the Options List.

2. Wait for a ‘Restart to Safe Mode’ option to appear.

3. Choose this setting. The device will restart.

For Apple Devices:

1. While your device is locked, hold down the Power Button and the Home Button until you see a white Apple logo.

2. Once you see the logo, let go of those buttons and start holding the Volume Up button. (Give it a little time to boot up.)

3. Now the phone should boot in Safe Mode without any third-parties running.

And now it is time to proceed by doing the actual backup:

Apple iOS

1. Connect your device and select it in iTunes.

2. From the Backups section go to Manually Back Up and Restore and tap on Back Up Now.

Android

1. Connect your device via USB to a computer and select Use as a Media Device. You may also see a file transfer option.

2. Go to your phone from My Computer and copy all the files you need.

3. If the phone has an option to install its drivers onto your computer, select it and install them since this will simplify the process of copying your contact list to your computer.

2. Hard-reset your device and remove

Hard-Reset Your Smartphone

For Apple iPhone and iPad Devices:

Option I: Via the device

1. Back up your data using iCloud or another backup method.

2. Go to the Settings menu and go to General.

3. On the bottom, tap on Reset.

4. Tap on Erase All Content and Settings.

5. Confirm it by tapping on the red Erase button and then type your password.

Option II: Via iTunes

1. Connect your device and open iTunes.

2. Click on the device’s name and model to open the dialog box.

3. From there, click on the button “Restore”.

For Android Devices:

After you have backed up your files, you should perform a clean wipe-out of your phone. This can happen either via one of the options in Safe Mode or by entering your device’s Recovery Mode. Several methods exist in order to enter Recovery Mode of your device:

For Nexus Devices: – Hold the Volume Down + Volume Up + Power button until a Recovery menu appears. After that, you should select the Wipe Data/Factory reset option. Nexus 4 may work with Volume Up + Power + Volume Down.

For Samsung Devices: – Hold the Volume Up + Power Button + Home Button until a Recovery menu appears. After that, you should select the Wipe Data/Factory reset option.

For Motorola Droid X Devices: Hold the Home Button + Power Button until a Recovery menu appears. After that, you should select the Wipe Data/Factory reset setting.

For other devices with camera buttons on them: Hold the Volume Up + Camera Button until a Recovery Menu appears. After this, you should choose the Wipe Data/Factory reset option.

Also, in case you have backed up your device in a Google Account, you will be able to restore your data after a complete wipe-out by just logging into your Google Account with your email and password.

Restore Missing or Corrupt Files

1. Connect your phone via a USB cable. You should see it in “My Computer”.

2. Use different file recovery software to scan for and recover the files in its drive. Examples of programs we have tested are provided below:
